Navigating Human Rights in the Digital Age: An Exploration of Data Protection Laws in Brazil and in Europe ()
1. Introduction
In an era defined by technological advancements and ubiquitous connectivity, the transformation of privacy into data protection has emerged as a paramount concern. This article undertakes a comprehensive examination of this transition, with a specific focus on the legal landscapes of Brazil and Europe. The intricacies of data protection pose intricate challenges and opportunities, casting a profound impact on individual rights, legal frameworks, and global collaboration. This study aims to provide a comprehensive analysis of this evolution, shedding light on the intricate relationship between human rights, fundamental rights, and data protection, and their manifestations across diverse legal systems.
As the digital landscape continues to evolve, the distinction between public and private spheres has become increasingly blurred. This has precipitated a growing concern about the security of personal data and the need for robust legal mechanisms to safeguard individual rights amidst the growing tide of digitization. This article seeks to address the legal, ethical, and practical complexities arising from the transformation of conventional privacy norms into the contemporary realm of data protection.
This article seeks to comprehensively analyze the paradigm shift from privacy to data protection, with a special emphasis on the legal frameworks in Brazil and Europe. It aims to delve into the intricacies of this transition, scrutinize the evolving definitions of privacy and data protection, and evaluate their implications for human rights within the dynamic digital environment.
The shift from privacy to data protection represents a pivotal juncture demanding comprehensive legal frameworks to address the challenges of the digital age. Data protection is inherently linked to a broader spectrum of human rights, encompassing personal autonomy, dignity, and the right to privacy. Furthermore, while the legal frameworks pertaining to data protection share foundational aspects across Brazil and Europe, cultural, historical, and legal contexts give rise to nuanced divergences in their implementation.
This study adopts a comparative legal analysis approach to explore the evolution from privacy to data protection, along with the corresponding legal frameworks in Brazil and Europe. The methodology encompasses an exhaustive literature review, an examination of pertinent legal documents, and case studies to provide a comprehensive understanding of the historical, legal, and societal dimensions of the subject matter. Moreover, this study employs a comparative evaluation of data protection laws, highlighting both commonalities and variations to discern the contextual factors that shape their formulation and application. Primary and secondary resources, including legal texts, scholarly literature, case law, and reports from international bodies, are drawn upon to inform the research.
Therefore, this article aspires to offer a holistic understanding of the transformation from conventional privacy norms to contemporary data protection imperatives and their implications for human rights, legal frameworks, and international collaboration. By dissecting the legal landscapes of Brazil and Europe, this study seeks to contribute to the ongoing discourse on data protection within an ever-evolving digital milieu.
2. From Privacy to Data Protection
2.1. The Terminology of Privacy
When discussing the issue of privacy, it is important to begin by clarifying the meaning of the terms used.
The fact is that the absence of a solid definition of privacy, reflecting semantic consolidation, is not a problem exclusive to Brazilian doctrine. The example of American doctrine can be taken, which has a consolidated term (privacy, strengthened by the recognition of the right to privacy), which, however, encompasses a wide range of situations, many of which the Brazilian jurist (or any other from the civil law tradition) would not directly associate with privacy (Doneda, 2019) .
Different legal systems have followed their own trajectories in addressing the topic of privacy, taking into account the specificities of each society. As a result, significant differences in conception have emerged: under the term “privacy,” structures are found aimed at ensuring, for example, the illegality of publishing photographs without the subject’s consent, the right to abortion, the inviolability of the domicile, and many other issues (Doneda, 2019) .
Frequently, the definition of privacy is approached in a context limited to a conceptualist epistemological perspective, which often unconsciously seeks, first and foremost, the cohesion of the legal system, operating through a process of generalization, culminating in the formulation of a doctrinal concept. It is important to highlight Pietro Perlingieri’s warning that the danger is serious: legal science, built upon generalities, becomes abstract; the jurist ceases to deal with the specific aspects of life and experience, and their books predominantly arise from reflection upon other books (Perlingieri, 1979) .
Nevertheless, the lack of a definitive definition of the right to privacy should be viewed as an inherent characteristic of the subject, and not as a flaw or obstacle. Perhaps the quest for a precise “definition” of privacy is not the central issue to be addressed (Doneda, 2019) .
Habermas noted that words like “private” or “public sphere,” and we can include “privacy” in this list, carry a variety of meanings in different historical contexts. When simultaneously applied to the relations of an advanced industrially organized bourgeois society in the form of a State, these terms can lead to misunderstandings (Habermas, 1984) .
The term “privacy” has Latin origins (derived from the verb privare, with its adjectival form being privatus), although nowadays it is widely used due to its intense use in the English language, leading many to consider it an Anglicism. In fact, the term “privacy” has had a robust development in the English language that does not have a direct equivalent in Latin languages, at least as a simple noun. It is worth mentioning that in the 16th century, English literature already extensively employed this term (Doneda, 2019) .
The 1988 Federal Constitution addressed this issue and included, among the guarantees and fundamental rights in its Article 5, the protection of “intimacy” and “private life” (item X), making it clear that the protection of the human person encompasses these elements. The mentioned terms (as well as “honor” and “image”) were used, and it is up to the interpreter to define their scope (Doneda, 2019) .
The terminology used in the Brazilian Constitution must be understood within the context of the fundamental rights it seeks to protect. From this perspective, we consider it unproductive to insist on a conceptual approach that emphasizes the connotations and differences between the two terms. Each of them has its own semantic field: in the case of “private life,” a discussion about the distinction between matters of public life and private life is found, establishing limits and following a logic of exclusion (Doneda, 2019) .
It is not a coincidence that these terms still manifest in notions present in ancient societies, like Roman society (Arendt, 2001) , with the risk of promoting a thought based on a dichotomy between public and private, between public and private interests, which can indicate an ideological choice that risks distancing the idea of a unified legal system structured around a common set of values (Perlingieri, 1984) .
The other term used by the constitutional legislator, “intimacy,” seems to refer to more personal and private events, creating an atmosphere of trust. It evokes, above all, the aspect of the right to tranquility, the right to be left alone (Doneda, 2019) .
The true question that arises from the constitutional terminology is this: given the use of two different terms, are we dealing with two distinct hypotheses that should be valued differently? The answer is no, for the following reasons: 1) the lack of a clear definition both in doctrine and jurisprudence, coupled with the fact that this is the first time the topic is constitutionally addressed, may have led the legislator to opt for the excessive use of terms, out of fear of restricting the applicability of the norm; 2) the doctrinal debate about the limits between the two concepts, given their highly subjective nature, would divert the focus from the main problem, which is the application of the fundamental right of the human person in question, as established in the Constitution. Certainly, most of the doctrine recognizes the need to build a system capable of encompassing the complexity of the issue of privacy, and for this purpose, it uses a variety of terms. However, this is not the only way to do it—the complexity of the problem goes beyond the proposed binary approach—and we add that it is not the best option, as it relies on a semantic choice that lacks clarity (Doneda, 2019) .
2.2. The History of Privacy
During the Middle Ages, there was no systematic desire for privacy or isolation among people. At most, it can be noted that a few individuals had the possibility to isolate themselves from others, such as feudal lords who desired so, or individuals who chose solitude over public life, like religious figures, mystics, criminals, or exiles. However, by the end of the Middle Ages, among the most influential feudal lords, there were indications that could be interpreted as hints of the emergence of a private sphere, albeit vague and similar to contemporary standards (Doneda, 2019) .
One of the driving factors of this change relates to the contours of private habitation. In the legal literature of the time, and even before, various forms of protection against invasions of homes can be found. However, this was not enough to conclude that such protection of domicile was an anticipation of privacy guarantees.
Starting from the 16th century, we observe a new architectural organization of residences and cities, providing more favorable conditions for class and category separation, and even for isolation. It is at this point that we begin to glimpse the current notion of privacy, which could only develop in the face of this new dynamic between individuals and society (Doneda, 2019) .
The expansion of the private sphere occurs as a result of individualism, as pointed out by Hannah Arendt. Specifically, the modern notion of privacy is structured in opposition to the social sphere, rather than the political sphere, as was the case for individuals in antiquity (Arendt, 2001) .
Privacy becomes a privilege of the emerging bourgeois class, utilizing it as a means to assert their identity in society and enable the solitary bourgeois individual to isolate within their own class. Driven by a strong individualistic spirit, this bourgeois class makes privacy a distinctive element in its pursuit of social status (Rodotà, 1999) .
Thus, a conception of privacy emerges that is directly linked to property protection, something predominant at that time and still influential today (Doneda, 2019) .
The industrial society alters the balance between rural and urban life, bringing forth various consequences. In urban areas, relationships tend to be impersonal, and survival, devoid of many typical rural associations, takes on a more individualistic character. On the other hand, in rural environments, relationship dynamics are different, and some commentators even assert that privacy was a non-existent concept in such societies (Gormley, 1992) .
The fact that the modern discussion about privacy emerged in the United States is a significant fact worth considering. After all, it was one of the first instances in which an important theme of Western legal tradition gained decisive momentum from reflections arising in America, diverging from its European roots (Doneda, 2019) .
The article “The right to privacy,” often cited as an isolated historical reference, is actually part of a much broader context in which American society and the capitalist system were embedded. The westward expansion, which greatly influenced American symbolism, culture, and customs, had been concluded by 1893 (Coople, 1994) .
The article by Warren and Brandeis reflects the trend of seeking a distinct foundation for privacy protection, detached from the right to property. One of its central points is the observation that the principle to be observed in privacy protection is not related to private property but to the so-called “inviolate personality” (Warren & Brandeis, 1890) .
In this reference to a personal right, the central element around the protection of the human person is identified, which will be crucial in safeguarding privacy in the next century (Doneda, 2019) .
However, this starting point was not so sudden: the issue was already present in common law jurisprudence. The case of Pope v. Curl in 1741, involving a dispute over the unauthorized publication of correspondence between the poet Alexander Pope and novelist Jonathan Swift, is mentioned in common law literature as the oldest case discussing the topic of privacy (Baldassare, 1974) .
The subject was also addressed in earlier literature, as evidenced by British jurist James Fitzjames Stephen’s argument in 1872. He advocated that both legislation and public opinion should rigorously respect privacy in all cases (Stephen, 1873) .
In today’s world, with mass information processing being commonplace, privacy cannot be approached solely based on what it represented for other societies. It is essential to heed the lesson of Stefano Rodotà, who emphasizes that the problem of privacy today is no longer about adapting a notion that arose in past times, but about considering it within the current context of the organization of powers (Rodotà, 1996) .
Privacy plays a fundamental role in protecting the human person, not only as a shield against external influences and exclusion but also as an element that promotes autonomy, citizenship, and political activity in its broad sense, as well as rights of freedom in general. In this role, privacy is an essential premise of a modern democratic society, in which dissent and nonconformity are organic components (Doneda, 2019) .
Perlingieri highlighted that reflecting on the method is not so much about making a choice in itself but about becoming aware of the choice and the results that applying that method entails (Perlingieri apud Doneda, 2019 ).
Therefore, considering the diversity of interests involved in the complex subjective situations that privacy encompasses, as well as the specific nature of the technological dynamics associated with it, it is appropriate to recognize that values are present in it that ultimately require the integral protection of personality (Doneda, 2019) .
Privacy encompasses values that manifest in various situations that cannot be fully grasped by the logic of subjective law. Therefore, the traditional conception of the “right to privacy” proves deceptive, or at least ill-advised, when attempting to approach it with a symbology based on a subjective right incapable of capturing the complexity of the situation (Doneda, 2019) .
Remedial protection, characteristic of subjective law, is merely one of the tools that can be used to safeguard privacy and is by no means the only framework within which this protection must be carried out. It lacks the suitable means to fulfill its promotional function in the protection of privacy as a means of safeguarding the human person and promoting the general clause of personality protection. Furthermore, it does not cover the collective dimension in which the issue of privacy arises. From this perspective, privacy protection must be addressed through civil liability, which, though a valid option in many situations, alone does not promote the necessary advancement in privacy protection. Under this perspective, it would still be seen as a mere negative freedom, ignoring both the evolution of the subject and the reach of constitutional norms that, by considering privacy in its positive aspect, emphasize its promotional function—for which other institutes must be employed (Doneda, 2019) .
Examining the trajectory of the matter over the last few decades, the presence of various related interests becomes evident. These interests are not limited to reservation and isolation but also encompass the construction of a personal sphere in which freedom of choice is possible and, consequently, allows for the development of personality (Doneda, 2019) .
According to Rodotà, privacy consists of the right to maintain control over personal information and to define the ways in which the individual’s private sphere is constructed (Rodotà, 1996) .
Within this context, personal information plays a crucial role as an objective element, while the construction of the private sphere is seen as the underlying purpose, along with the general clause of personality, standing out as one of the aspects of individual free development (Doneda, 2019) .
An important facet of privacy is the protection of personal data. This leads to an analysis of this right.
2.3. The Right to Data Protection
In the Brazilian Federal Constitution, habeas data has been configured as a constitutional action, not strictly a substantive right, although this aspect can be inferred through its characteristics (Doneda, 2019) .
It is important to highlight that the explicit inclusion of habeas data in legislation is less about creating procedural tools, which could be considered dispensable, and more about emphasizing substantive rights. It guarantees any citizen access to personal information of the petitioner present in records or databases of governmental entities or public nature, as well as the right to compulsorily rectify inaccurate information (Doneda, 2021) .
Despite introducing innovations such as the habeas data action (Art. 5, LXXII) and guaranteeing the rights to private life and intimacy (Art. 5, XII), the Brazilian Constitution did not immediately establish a majority consensus regarding the existence of a right to data protection. On the contrary, in a 2006 decision by the Brazilian Supreme Court, presided by Justice Sepúlveda Pertence, who had previously expressed support for the existence of a substantive right to personal data, the guarantee of inviolability of data stored in computers based on constitutional provisions was not recognized (Doneda, 2021) .
Since then, the topic of data protection has gradually gained prominence in political debates. An example of this is the Santa Cruz de La Sierra Declaration, the final document of the XIII Ibero-American Summit of Heads of State and Government, signed by the Brazilian government on November 15, 2003, which mentions the fundamental right character of personal data protection (Doneda, 2021) .
Within the Brazilian legal framework, the Consumer Protection Code plays a significant role in personal data protection. This code establishes adaptable principles and guidelines for various situations, as well as a concrete protection system through the National Consumer Defense System. Consequently, a considerable portion of data-related demands, often characterized as consumer relations, have been dealt with under the jurisdiction of this code. This trend continues to this day, and some scholars suggest that several data protection principles can be observed from provisions contained in the Consumer Protection Code itself (Doneda, 2021) .
An additional discussion related to the registration of consumer financial transactions led to the enactment of specific legislation, Brazilian Law No. 12.414/2021, popularly known as the Positive Credit Registry Law (Doneda, 2021) .
The Access to Information Law (Brazilian Law No. 12.527/2011), which regulates the principle of transparency enshrined in the Brazilian Constitution, defines the concept of personal information similarly to what would later be adopted by the Brazilian Data Protection Law (LGPD). Furthermore, Article 31 of this law establishes specific guidelines for the protection of personal data held by the government, recognizing the importance of including data protection even in legislation intended to regulate transparency, as they are fundamental to its legitimacy. Similarly, the Internet Civil Rights Framework (Brazilian Law No. 12.965/2014), in establishing a set of rights and procedures for Internet users, incorporates a series of provisions related to the use of personal data (Doneda, 2021) .
The protection of personal data has acquired an unprecedented magnitude with the introduction of information technology usage and extensive digitization, which has already taken on an omnipresent character and impacts all areas of contemporary social, economic, political, and cultural life worldwide. This phenomenon is commonly known as Ubiquitous Computing (Sarlet, 2021) .
The progress of digitization has significantly influenced legal doctrine and methodology, as well as extended to the realms of public administration and court proceedings. Increasingly, these instances are challenged to find creative and suitable solutions to address the concrete problems presented to them (Sarlet, 2021) .
Hence, it is not surprising that there has been a discussion for some time about a process of digitizing fundamental rights, as well as about a digital dimension of Law itself (Leonardi, 2019) , which includes, but is not limited to, the gradual recognition, both at the constitutional level and in international law, of a human and fundamental right to data protection, as well as other related principles, rights, and duties. Moreover, a reinterpretation of “classic” fundamental rights also takes place (Sarlet, 2021) .
The establishment and development of legal protection for personal data, both quantitatively and qualitatively, began in the early 1970s through specific regulations in the realm of infraconstitutional legislation. A pioneering example was the legislation of the state of Hesse in Germany in 1970, which was the world’s first specific legislation on the subject, although it was not designed for the digital world and did not have national coverage. However, the recognition of a human and fundamental right to personal data protection had to wait a significant amount of time to be incorporated into legal-constitutional language (Sarlet, 2021) .
3. Data Protection as a Human Right
The incorporation of an autonomous fundamental right to personal data protection has been gradually taking place in contemporary constitutions. Additionally, in various countries, there are proposals for constitutional amendments (or constitutional revisions, depending on the case) in this direction. An example of this is the Brazilian case, with the Proposed Constitutional Amendment (PEC) 17/2019, which, for now, will not be discussed in detail (Sarlet, 2021) .
It was with the introduction of Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981) (Council of Europe, 1950) that explicit regulation of personal data began to occur. However, it was only in the early 2000s, through the Charter of Fundamental Rights of the European Union (CFR) (European Parliament, 2000) , that the right to data protection was finally recognized as an autonomous fundamental right, applicable only to the member states of the European Union (Doneda, 2011) .
Like other fundamental rights, the right to data protection is autonomous in its scope of protection but is intrinsically related to other constitutional rights and principles. In a broad perspective characteristic of open constitutional states, this right is also connected to international human rights law (Sarlet, 2021) .
3.1. Human Rights, Fundamental Rights, and Data Protection
The understanding that human rights and fundamental rights are not identical, although they share substantial similarities, has been increasingly accepted. However, it is important to note that in some cases, a right can simultaneously be considered both a human right and a fundamental right (Sarlet, 2018) , as is the case with the right to personal data protection.
Human rights are those guaranteed by international human rights treaties, while fundamental rights are rights recognized, either explicitly or implicitly, within the scope of the constitutional law of each state. It is important to observe that fundamental rights can encompass both human rights and other rights, even if the state has not ratified or has partially adhered to international human rights treaties (Sarlet, 2021) .
The Charter of Fundamental Rights of the European Union (CFR), elaborated in Nice, France, in 2000, was designed to be a catalog of fundamental rights integrated into a broader document, the Treaty of Lisbon. However, due to opposition from some countries in the European bloc, the Treaty of Lisbon did not attain the status of a formal European constitution (Sarlet, 2021) .
Furthermore, it was only in 2018 that the new General Data Protection Regulation of Europe (GDPR) came into effect. This regulation, in addition to recognizing and concretizing the fundamental right established in the CFR, has a self-executing nature and, uniquely, directly binds all member countries of the European Union (Sarlet, 2021) .
In any case, it is important to emphasize that the right to personal data protection is simultaneously a human right and a fundamental right. However, it is worth noting that this does not exclude the possibility of tension and normative conflicts of various kinds (Sarlet, 2021) .
It is known that the scope of application of the European Convention on Human Rights differs from the Treaty of Lisbon, as the latter only binds the member states of the European Union, while the Convention establishes rights and obligations for a broader universe of states, including several nations from the former Eastern bloc, such as Russia and Croatia, which ratified the Convention, although not all are subject to the CFR (Sarlet, 2021) .
Furthermore, the jurisdiction of the two European courts, which are independent of each other, also differs regarding the states under their jurisdiction, as well as in terms of structure, competencies, procedures, number, and recruitment of judges, among other aspects. From this perspective, it is possible (and it happens) that the Court of Justice of the European Union (CJEU), based in Luxembourg and responsible for safeguarding the CFR (as well as all EU law), and the European Court of Human Rights (ECtHR), located in Strasbourg and tasked with applying the European Convention, do not decide in the same way in similar cases involving, in principle, the same rights (Sarlet, 2021) .
In the Brazilian context, the situation differs to a large extent, as in the Americas, where the American Convention on Human Rights prevails, there is no other similar and competing document, nor is there a second judicial body responsible for protecting human rights in the three Americas (North, Central, and South). All this responsibility is concentrated in the Inter-American Court of Human Rights (IACtHR), headquartered in San José, Costa Rica (Sarlet, 2021) .
In this context, it is relevant to mention the so-called right to informational self-determination, which concerns the right of each person to control and determine, to some extent, the access and use of their personal data. Additionally, in assessing the legitimacy of restrictions on the right to data protection, it is important to use the principle of balancing and its techniques, such as proportionality criteria, to ensure proper evaluation (Sarlet, 2021) .
In the Brazilian context, it is essential to highlight the significance of the General Data Protection Regulation of Europe (GDPR) as a reference for the development of the General Data Protection Law (LGPD) (Sarlet, 2021) .
It is important to underline that the relationship between international human rights law, including the human right to personal data protection, and the Brazilian legal-constitutional order is related to the issue of the scope of the constitutional catalog of fundamental rights. According to Article 5, Paragraph 2, of the Federal Constitution, this catalog is not restricted to expressly mentioned rights but includes other rights derived from constitutional principles and the constant treaties on human rights ratified by Brazil (Sarlet, 2021) .
In Brazil, there are fundamental rights that are established in other parts of the Constitution, even if they are not explicitly mentioned, being deduced as implied rights from fundamental principles or other rights. An example of this is the right to informational self-determination, which is related to data protection. More recently, the concept of the right to be forgotten has also emerged, equally linked to data protection (Sarlet, 2021) .
The status of a fundamental right is conferred based on the established constitutional legal regime, which can vary according to the characteristics of each constitutional order. This legal regime, in turn, implies that fundamental rights are legal positions that individuals can invoke against the State, as “trump cards” against the majority, as conceived by Dworkin (Dworkin, 2002) . This means that such legal positions are original and cannot be completely altered or disposed of by public authorities, due to their relevance from the perspective of the constituent power, as defended by Alexy (Alexy, 2018) .
From a material perspective, it is not difficult to demonstrate the importance of values, principles, and fundamental rights related to data protection, both for the individual sphere of each person and for the collective interest of society and the State. Among these values, the principle of human dignity, the right to free development of personality, and the right to privacy stand out, among others. All these elements are essential to ensure respect for individuality, autonomy, and integrity of individuals in the context of data protection (Sarlet, 2021) .
Regarding formality, the right to data protection serves as a parameter for assessing the constitutional legitimacy of infraconstitutional legal acts and actions (or omissions) of the public authorities in general, even if it is not explicitly enshrined in the Constitution. Moreover, this right also extends to private relationships, which will be explored in more detail later. In other words, even if not explicitly enshrined in the Constitution, the right to data protection has a fundamental nature that influences the validity and application of other legal norms (Sarlet, 2021) .
The constitutional-legal regime or the implicit guarantees provided by the formal constitution do not necessarily require uniform treatment from each specific constitutional order. However, various common elements can be identified among them (Sarlet, 2021) .
One of the guarantees is that fundamental rights norms are immediately applicable and directly bind all powers and state acts, without leaving gaps. Additionally, these norms also have effectiveness in relations between individuals, either directly or indirectly (Sarlet, 2021) .
The relationship between the principle of human dignity and the fundamental right to personal data protection is close, although it can be understood differently in different legal orders. Two main points of connection are the principle of autonomy (self-determination) and personality rights, represented by the right to free development of personality, as well as specific rights to privacy and informational self-determination. These rights are interconnected, although there are other possibilities beyond those mentioned (Sarlet, 2021) .
Regarding the right to personal data protection, the principle of human dignity plays a significant role, both in the foundation of the fundamental nature of this right and in defining its content. Through this principle, points of connection with other principles and fundamental rights can be identified, contributing to the understanding and application of this right (Sarlet, 2021) .
In Germany, it is commonly emphasized that the recognition of the right to informational self-determination first occurred not through the constitutional text but due to a paradigmatic decision of the Federal Constitutional Court. This decision was made in the context of reviewing the constitutionality of certain aspects of the census law passed by the Federal Parliament, resulting in the temporary suspension of its implementation by the Court (Sarlet, 2021) .
According to Hans-Peter Bull, the first head of Germany’s federal data protection agency, the Constitutional Court focused on the moral and political core of concerns related to ensuring citizens’ freedom from state repression. In this way, the argumentation presented in the decision was directed toward protecting human beings’ freedom of action, with transparency in data collection considered a means to achieve this purpose (Sarlet, 2021) .
The right to personal data protection has a broader scope, as it encompasses all data related to a natural person based on an expanded concept of information, regardless of the sphere of their personal life to which it refers (intimate, private, familial, social). Therefore, any attempt at thematic delimitation is inadequate (Sarlet, 2021) .
The right to data protection is not limited to the protection of privacy; it is considered an autonomous fundamental right closely linked to personality safeguarding. It is relevant to note that the widely outdated conception that the fundamental right to data protection is merely an evolution of the right to privacy is considered a “flawed dogmatic construction” (Bioni, 2020) .
The ongoing evolution of information technologies and the need for appropriate regulation to protect fundamental rights, including personal data protection, highlighted the inadequacy of the right to informational self-determination. It is important to emphasize that this right does not simply replace other rights, such as the right to privacy, but coexists with them. The dynamics of this context underscore the importance of a comprehensive and multifaceted approach to protecting fundamental rights in the context of personal data protection (Sarlet, 2021) .
In the relevant context, it is important to mention another significant contribution from German constitutional jurisprudence, which is the recognition by the Federal Constitutional Court of a fundamental right to ensure the confidentiality and integrity of technical-informational systems (Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme), also known as IT-Grundrecht (Sarlet, 2021) .
In the case at hand, the constitutionality of a law from the German state of Nordrhein-Westfalen authorizing law enforcement authorities to adopt secretive measures of internet surveillance and remote monitoring, including secret and remote access to information technology systems like computers, to combat increasing crime, especially organized crime and terrorism, with the aim of protecting the state’s constitutional order, was under review (Menke, 2015) .
With the recognition of this new right, an attempt was made to fill the protection gaps left by guarantees of inviolability of the domicile, secrecy of communications, and the right to informational self-determination, which did not adequately cover the new forms of threats and violations of fundamental rights. This new right assumed the status of a general clause, applied subsidiarily, to protect against such threats and violations (Sarlet, 2021) .
One of the gaps not covered by the right to informational self-determination is related to the fact that third parties who have access to data stored in technical information systems are not subject to the rules of data collection and processing. Therefore, one of the differences between these two rights lies in the fact that informational self-determination refers to individual data or sets of data, while the right to ensure the confidentiality and integrity of technical-informational systems aims to protect the system as a whole (Sarlet, 2021) .
3.2. Data Protection in Brazil and in Europe
The Brazilian Federal Constitution, even though mentioning in Article 5, Clause XII, the confidentiality of data communications, does not explicitly include a fundamental right to protection and free disposition of data by its owner (Sarlet, 2021) .
On the other hand, the protection of personal data is also partially and indirectly safeguarded by the provision of the habeas data action (Article 5, LXXII, of the CF), a constitutional action with the status of an autonomous fundamental guarantee. This action aims to guarantee individuals the knowledge and the possibility of seeking the rectification of data recorded in databases of governmental or public entities (Sarlet, 2021) .
The right to protection of personal data can and should be related and linked to general and specific fundamental principles and rights. This includes the principle of human dignity, the fundamental right to free development of personality (also implicitly recognized), the general right to freedom, as well as the special rights of personality most relevant in the context, such as the right to privacy and intimacy, as established in the Federal Constitution (Doneda, 2011) , in the sense of what is also referred to as “computer intimacy” (Sampaio, 2011) .
However, it is likely that the closest direct constitutional basis for a fundamental right to data protection is the right to free development of personality, which also plays the role of a general clause protecting all facets of human personality (Sarlet, 2021) .
The Brazilian Federal Constitution implicitly recognized a fundamental right to the protection of personal data (Limberger, 2007; Mendes, 2013) .
We cannot fail to mention the judgment by the Plenary of the Brazilian Supreme Federal Court (STF) on May 7, 2020, which confirmed the preliminary injunction issued on April 17, 2020, by Justice Rosa Weber, the rapporteur of Direct Action of Unconstitutionality (ADI) No. 6387. This preliminary measure suspended the effectiveness of Provisional Measure No. 954, which required telecommunications companies to provide the Brazilian Institute of Geography and Statistics with the names, addresses, and telephone numbers of more than one hundred million Brazilians. The justification for the suspension was that this measure would represent an illegitimate restriction on constitutional rights to privacy, intimacy, and confidentiality of personal data, as it was inconsistent with the principles of proportionality and reasonableness (Sarlet, 2021) .
Continuing along this line, it is important to highlight that, although still under deliberation in the National Congress, we cannot fail to mention the proposal for inclusion, as provided in Constitutional Amendment Proposal (PEC) 17/2019 (Senado Federal do Brasil, 2019) . As part of this proposal, there is an attempt to add a fundamental right to the protection of personal data to the constitutional list of rights, through the inclusion of Clause XII-A in Article 5 and Clause XXX in Article 22. This measure also provides for the exclusive competence of the Union to legislate on this matter, as established in the latter case mentioned (Sarlet, 2021) .
Although it is possible to recognize data protection as an implicit fundamental right, the act of formally enshrining this right carries an additional value. Its formalization implies assigning a substantial positive value in relation to the current state of data protection in Brazil, adding greater importance and legal protection to this right (Sarlet, 2021) .
Among the reasons that can be mentioned are (Sarlet, 2021) : 1) Despite intersections and connections with other rights, data protection is ensured as an autonomous fundamental right, with its own scope of protection and independence. 2) The right to data protection is unquestionably granted the complete constitutional and legal regime related to its status as a fundamental right, both in material and formal terms, already enshrined in the text of the Federal Constitution, as well as in Brazilian constitutional doctrine and jurisprudence.
Furthermore, it is important to emphasize that, according to Paragraphs 2 and 3 of Article 5 of the Federal Constitution, the normative framework that establishes and outlines the scope of protection, functions, and dimensions of the fundamental right to data protection is also integrated—albeit this circumstance is often overlooked—by the international human rights treaties ratified by Brazil. Particularly relevant for proper understanding and a correct approach at the national level are the American Convention on Human Rights of San José, Costa Rica, and the International Covenant on Civil and Political Rights, including their interpretation by relevant judicial and non-judicial bodies (Sarlet, 2021) .
This assumes significant importance, especially considering the current position of the Brazilian Supreme Federal Court (STF) on the matter, since duly ratified human rights treaties are assigned a supralegal normative hierarchy. Therefore, it is expected that the national normative framework, which is below the Constitution, not only is consistent in formal and material terms with the Federal Constitution but also complies with the parameters of these international documents. Thus, it is subject to what is known as the control of conventionality, which can be exercised by the judiciary (Sarlet, 2021) .
In this context, even though there is (as of yet) no specific international human rights treaty on data protection ratified through the appropriate procedure, it does not mean that Brazil is politically, legislatively, and legally isolated on this issue. This can be illustrated by the broad incorporation of the European General Data Protection Regulation (GDPR) by the new Brazilian General Data Protection Law (LGPD). Furthermore, both in doctrine and jurisprudence, dogmatic and interpretive parameters have been adopted, such as the mentioned right to informational self-determination, among other relevant examples. Although there is no specific international treaty, Brazil has sought to align itself with international standards and references through these approaches (Sarlet, 2021) .
It is important to highlight that several existing laws already address relevant aspects of data protection. Among these, we can mention the Access to Information Law (Law 12.527/2011), the Internet Civil Rights Framework (Law 12.965/2014) and its respective Decree (Decree 8.771/2016), as well as the General Data Protection Law (Law 13.709/2018). These legal instruments are examples of regulations that deal with different aspects related to data protection, contributing to the current normative framework in this area (Sarlet, 2021) .
Therefore, an interpretation and constitutionally appropriate application of the fundamental right to data protection must consider a systematic approach. Although this right possesses an autonomous character, it is essential that there be dialogue and interaction with other fundamental principles and rights. This interaction may involve competition, tension, and collisions, but it is fundamental to determine the scope of the right’s protection, establishing direct and indirect limits. Thus, understanding this right must be balanced, considering the set of principles and fundamental rights present in the legal system (Sarlet, 2021) .
4. Conclusion
In conclusion, the discourse surrounding the concept of privacy necessitates a nuanced approach that acknowledges its intricate nature and the evolving societal contexts that shape its definition and significance. Throughout history, privacy has transitioned from a notion less prioritized to a fundamental cornerstone of modern societies. The intricate nature of privacy, as seen through its etymological origins and its evolving definitions across various legal systems, underscores the challenges of creating a universally applicable and precise definition. The terminological variations, such as “private life,” “intimacy,” and “personal data protection,” each hold specific connotations within their respective contexts and are integral to understanding the multi-dimensional nature of privacy.
The emergence of privacy as an essential component of personal autonomy, individualism, and democratic societies cannot be understated. As societies transitioned into urbanized and digitally driven landscapes, the protection of privacy extended beyond mere spatial boundaries to encompass control over personal information, a transformation catalyzed by technological advancements and the ubiquity of information processing. Consequently, the dialogue on privacy has broadened to include the protection of personal data and the digital footprint of individuals, culminating in the recognition of data protection as a fundamental right within many legal frameworks.
While the lack of a universally accepted definition of privacy may seem like a challenge, it can also be seen as a reflection of its dynamic and adaptive nature. Rather than being a deficiency, this fluidity invites a broader discussion on the essence of privacy within the context of changing societal paradigms and technological advancements. Scholars and jurists alike grapple with these complexities, navigating the intricacies of integrating traditional concepts of privacy with contemporary challenges posed by the digital age.
In essence, privacy serves as an intricate tapestry interwoven with personal autonomy, informational self-determination, and the preservation of human dignity. Its significance expands beyond individual rights to encompass broader societal values, democratic ideals, and the preservation of a space where individuality can flourish. As technological landscapes continue to evolve, the concept of privacy will inevitably be tested and redefined. In this ever-changing landscape, the recognition of privacy’s fundamental role in shaping both individual lives and the fabric of societies remains an imperative, prompting ongoing dialogues, legal adaptations, and philosophical contemplations to ensure its enduring protection and relevance.
In conclusion, the intricate relationship between fundamental rights, international human rights treaties, and personal data protection underscores the inherent complexity of ensuring privacy and self-determination in the contemporary landscape. The right to data protection emerges as an intrinsic facet of human dignity, fortified by its constitutional and international legal enshrinements. The dynamic nature of this right not only highlights its fundamental status but also underscores its interdependence with other principles such as freedom of expression and public safety. Hence, as technologies and norms continually evolve, a balanced and integrated approach is imperative, one that secures individuals’ rights while simultaneously fostering societal and technological progress.
The recognition and safeguarding of the right to data protection constitute a crucial cornerstone in constructing a digital environment that upholds human rights. The convergence of national constitutional provisions and international treaty obligations underscores the significance of harmonizing legal frameworks to effectively navigate the challenges posed by an interconnected world. Striking this balance requires nuanced and adaptable legal interpretations, acknowledging the need for safeguards while permitting innovation and global connectivity.
Moreover, the integration of data protection within the broader context of fundamental rights underscores the principle that the two are inseparable, with each enhancing the other’s effectiveness. A holistic approach that considers the intricate interplay between individual autonomy, security, and societal welfare is key to crafting comprehensive legal solutions that stand the test of time. In this pursuit, national jurisdictions and international bodies must collaborate to address the multifaceted dimensions of data protection, ensuring that legal frameworks continue to evolve in harmony with the ever-changing digital landscape.
In this vein, as technology’s rapid march forward shapes our societies, the preservation of personal data protection remains an evolving task. A commitment to ongoing dialogues, international cooperation, and adaptability in legal interpretations will be pivotal in navigating the intricate maze of challenges and opportunities that lie ahead. Only through such collective efforts can we achieve the delicate balance between safeguarding individual rights and advancing human progress in the digital age.